An interesting revelation made recently by US and UK intelligence agencies is that the Russian hacking group Turla has masked multiple attacks on its targets by first hacking Iranian hackers and then using their tools and strategies.
According to recent reports by the UK and US intelligence agencies, the Iranian group known as OilRig ended up being hacked by Turla, another hacking group based in Russia. However, the Russians allegedly had a special purpose in hacking OilRig, which was to piggyback on the group and use it for launching attacks on their real targets.
This curious technique was finally revealed by an NCSC (National Cyber Security Center) investigation, which started looking into attacks on a UK academic institution as far back as 2017. The investigation lasted for months, and it eventually found that the true attackers were members of Turla, who were caught scanning for tools and capabilities used by the Iranians.
Continuing the investigation, NCSC discovered that the Russians attacked over 35 countries by using this method and that most of their targets are in the Middle East. More than 20 attacks ended up being successful, and the hackers allegedly managed to steal classified documents and government secrets. Furthermore, it appears that Turla stole from the Iranian hackers in addition to conducting its own attacks.
Most investigations into these attacks would end up tracking the trail back to OilRig, which is where they would stop, with investigators assuming that they had found their attackers. So far, there is no evidence that OilRig was aware that it was compromised, nor that it allowed Turla to use its tools and methods.
It goes without saying that this is an entirely new level of sophistication when it comes to cyberattacks and that this sector is getting more complex than ever. However, security experts also do not expect that the Russians were trying to frame the Iranian group for any of their activities; they simply used it to gain access to their targets more easily.
Experts also say that these attacks might not have been ordered by any state, although both groups have been known to work with government agencies.